Former Director of Neohapsis Labs, Mike Murray has an extensive resume in InfoSec. His current passions include career advancement & social engineering, but this column is dedicated to whatever strikes his fancy.

These days, it’s hard to perform a penetration test without attempting some sort of online social engineering, and most often, this takes the format of some type of phishing attack (whether targeted or across a wide user base).

While we spend epic amounts of time getting our exploits and payloads perfect (even if we’re using SET), far too often we see testers using stock emails or variants of canned emails that they’ve been taught to use without thinking about the real keys to getting their emails read and acted upon.

These are my five most-often overlooked secrets to making sure that your email phishing works...

Let him know what you think, and, if it helped, tell us how.

Don

Last edited by don on Wed Mar 02, 2011 1:28 pm, edited 1 time in total.

I have been working on a review based on the 90 days of access they granted me late last year. I had sent some questions over to THA which they responded to but then I completely dropped the ball in the midst of everything else going on. I'd be happy to finish putting that together. I'll try to get it done this next week and post it here.